11-09-2018 12:19 AM
Has anyone noticed unusual traffic leaving to a public IP address 49.55.50.46 on the switch?
11-09-2018 12:41 AM
Hi, according to APNIC whois db, the indicated IP is part of:
inetnum: 49.52.0.0 - 49.55.255.255
netname: SHR-CERNET
descr: China Education and Research Network
descr: Shanghai Regional Network
country: CN
admin-c: CER-AP
tech-c: CER-AP
status: ALLOCATED PORTABLE
remarks: origin AS4538
remarks: confederation
mnt-by: APNIC-HM
mnt-lower: MAINT-CERNET-AP
mnt-routes: MAINT-CERNET-AP
mnt-irt: IRT-CERNET-AP
last-modified: 2013-08-08T23:40:59Z
source: APNIC
The AS4538 number is one of the Top 20 Route Count per Originating AS as described in this link:
https://www.cidr-report.org/as2.0/
If you see something strange you can send an email to
% Abuse contact for '49.52.0.0 - 49.55.255.255' is 'abuse@net.edu.cn'
What type of traffic have you seen?
Regards.
11-09-2018 05:36 AM
It is NetFlow traffic, and I also scanned several machines intensely for viruses and adware with no luck. All of the running services are valid.
I haven't configured any switch to direct traffic to this public IP address, and I still don't know where 49.55.50.46 came from.
This is very unusual... Is this behavior illicit or admissible in nature?
11-09-2018 05:38 AM
Can you post logs, transport protocols and ports?
Regards.